Cyber X-Games takes on critical infrastructure defense

Federal law prohibits the deployment of the U.S. military to enforce domestic policies. But nothing prevents the military from using its cyber assets to protect the civilian digital infrastructure.

That’s good, particularly in light of recent reports exposing the vulnerability of the infrastructure that supports electricity grids, dams, air traffic control and other critical sectors. If those industries are compromised, it could threaten the country’s national security. 

For the first time, the Army’s annual Cyber X-Games focused specifically on protecting critical infrastructure and included of survey and reconnaissance of the cyber environment, inject detection and response and live red/blue teaming.

Hosted by the University of Texas at San Antonio (UTSA) in June, Cyber X-Games 2018 brought together 72 participants from various Army Reserve cyber and network defense units, Air Force cyber and network operations centers, ROTC cadets, and civilian network and cybersecurity professionals from government contractors to respond to attack scenarios on critical civilian networks.

Glenn Dietrich, a professor of information systems and cybersecurity at UTSA and one of the game’s coordinators, said the exercise involved 10 teams responding to approximately 300 scenarios of attacks on civilian infrastructure, including the chemical, energy, electricity, transportation and finance industries.

Participants gave the exercise high marks for driving home the importance of military specialists working with cybersecurity experts from the civilian side. "The biggest thing I learned was communication among the team,” said Army Reservist 1st Lt. Michael Stoner. By working with various military and civilian cybersecurity professionals, participants learned "how to operate and problem-solve in an environment like the one that was presented."

Dietrich said the exercise shone a needed spotlight on the national security implications of vulnerable civilian infrastructure.  But he warned that there is a big difference between exercises and real-world threats, and a lot more work needs to be done. 

“The scenarios are not the real world,” Dietrich said.  “I don’t think any of our infrastructure is safe. There’s nothing that cannot be hacked.”

He added that one of the major takeaways from this year’s Cyber X-Games “is that the Army can respond to these kinds of emergencies.” He predicted that Army and National Guard troops will become the first responders for cyberattacks in many states.

“That’s part of their training, and I think that is a good thing,” he said.